Security enforcement in virtualized systems
Abstract
A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information.
20 Claims
1. A system comprising:
a first server to:
receive information about a first application and a second application of a second server;
receive identity information of a user, the user being associated with a client that is connected to a third server, and the third server executing an operating system for the client;
determine access control information based on the information about the first application and the second application and based on the identity information; and
provide the access control information to an enforcer, the operating system being provided, by the enforcer, selective access to the first application or the second application based on the access control information.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method comprising:
receiving, by a first server, information about a first application and a second application of a second server;
receiving, by the first server, identity information of a user, the user being associated with a client that is connected to a third server, and the third server executing an operating system for the client;
determining, by the first server, access control information based on the information about the first application and the second application and based on the identity information; and
providing, by the first server, the access control information to an enforcer, the operating system being provided, by the enforcer, selective access to the first application or the second application based on the access control information.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by at least one processor of a first server, cause the at least one processor to:
receive information about a first application and a second application of a second server;
receive identity information of a user, the user being associated with a client that is connected to a third server, and the third server executing an operating system for the client;
generate access control information based on the information about the first application and the second application and based on the identity information; and
provide the access control information to an enforcer, the operating system being provided, by the enforcer, selective access to the first application or the second application based on the access control information.
Dependent claims: 16, 17, 18, 19, 20